Splunk Search

Community Activity

How do you split two string values joined in one field? hi! Under the field Username, I have two lists, Machine1 and Machine2 I want to split this into two separate column... by mdmaala Communicator in Splunk Search 03-06-2019 0 3	0	3
Same computer multiple authentication attempts Hello. How would I write a search to show a computer that has been authenticating to multiple machines. For example, ... by johann2017 Explorer in Splunk Search 03-06-2019 0 3	0	3
Can you help me extract a filename from a filepath in a field transformation? I have a path (and a variable file_path) that looks like this: C:\\\\Program Files\\\\theapp\\\\the app\\\\Tools\\\\... by mkarimi17 Path Finder in Splunk Search 03-06-2019 0 8	0	8
How do you purge a lookup table of values over 30 days? So I have a search that runs hourly over a lookup table which I have created that includes IP, ticket number, date_ad... by JakeInfoSec Explorer in Splunk Search 03-06-2019 0 4	0	4
Field Extraction - Event table only pulling back one line Hi All, I currently am pulling in data from an application and we are looking extract a single line that the event o... by ryangrobbel Explorer in Splunk Search 03-05-2019 0 3	0	3
How do you check the number of users who are currently using the system(Splunk web UI login) over the last month? How do you check the number of users who are currently using the system(Splunk web UI login) over the last month? by gkumarashanmuga Explorer in Splunk Search 03-05-2019 0 4	0	4
Can we create a vacation tracker in Splunk? We use Splunk for many of our project dashboards & want to see if I can use the same setup to host a Vacation Tracker... by rpradeep Path Finder in Splunk Search 03-05-2019 1 18	1	18
How to use last() and first() commands in splunk? Hi, index="os" sourcetype="Service" CaseNumber=* status=* assignment_group=* \|dedup _time,CaseNumber,assignment_gr... by ramesh12345 Explorer in Splunk Search 03-05-2019 0 1	0	1
Combining rex results I have this search that I'm trying to break down \| tstats `summariesonly` values(Web.url) as url values(Web.src) as ... by jwhughes58 Contributor in Splunk Search 03-05-2019 0 3	0	3
How do you compare if a stats count is greater than another field? I have a stats result with the count field. I want to compare if this count is greater than another field. I.e., a th... by veerendra_modi Loves-to-Learn in Splunk Search 03-05-2019 0 3	0	3
How do you search port ranges and match to service? Hi Guys, I hope someone can help me? I'm looking to search through several port ranges and match against one or mul... by MABurberry Engager in Splunk Search 03-05-2019 0 2	0	2
How do you return Boolean if today matches the dates listed in lookups table? I have mydates.csv file uploaded to Splunk lookups. It looks like this: Date 1/2/2019 2/5/2019 2/16/2019 I need to ... by lucy2019 Explorer in Splunk Search 03-05-2019 0 12	0	12
Two different values for the vertical axis Hi! I am currently working on a project that required to show a timeline duration of a machine runtime, downtime, er... by mdmaala Communicator in Splunk Search 03-05-2019 0 1	0	1
Can you help me use start and end times in one search in a mapped subsearch? I'm trying to connect the sum of measurements from a certain process and connect them to workorders by the times the ... by baklimek New Member in Splunk Search 03-05-2019 0 8	0	8
Regex: subpattern name expected org_name="myOrg" index="myIndex" app_name="myAppName" space_name="Staging" \| rex field=msg "stack:(?<.java\.lang.Ex... by robprice797 New Member in Splunk Search 03-05-2019 0 2	0	2
How do you dynamically generate month name based on a search? I have created a Month over Month dashboard that will eventually become a report that is sent on the 1st day of the m... by rwarnerii New Member in Splunk Search 03-05-2019 0 2	0	2
rex and sed with automatic lookups Hi, This is basically a question of when automatic lookups are applied to data. I have a field url i need to sed a... by christoffertoft Communicator in Splunk Search 03-05-2019 0 2	0	2
index_name variable to use in all index paths I'm looking for a variable that can be used to replace the index name for the following configs in the indexes.conf f... by ashleyherbert Communicator in Splunk Search 03-05-2019 1 5	1	5
Remove fields from a query The title says it all. I'm looking for a way to remove fields from searches and subsearches. I know I can hide fields... by kahless1985 Explorer in Splunk Search 03-05-2019 0 3	0	3
HEC large field value not extracted but is in _raw Have a field in our HEC input that is larger the 10,000 characters. When searching the data input from HEC the field ... by simpkins1958 Contributor in Splunk Search 03-05-2019 0 6	0	6
How do you put constraints in rex? Data: message: ================> Request Details: [requestId:123122313-3453-1122-1112222] [requestMethod = GE... by changj New Member in Splunk Search 03-05-2019 0 3	0	3
How come the rex command is not working like normal regex? Given a string: (path=/myPath/123/endpoint,method=GET,accept=text/plain;version=0.0.4;q=1,/;q=0.1,content-type=nul... by jmorri6 Engager in Splunk Search 03-05-2019 0 2	0	2
Looking for assistance with regex when extracting json from inside of syslog events Original syslog format of json message: Feb 25 16:24:24 hostname.fqdn.com Feb 25 22:24:24 log-forwarder-pn4c9 edge-4... by rhendle Observer in Splunk Search 03-05-2019 0 2	0	2
How to calculate moving average based on 2 fields? Hi Splunkers, Suppose I have 2 values in my seach: Date, # of items purchased, UnitPrice Day1, 4, 0.12 Day2, 10, 0.1... by ADRIANODL Explorer in Splunk Search 03-05-2019 0 7	0	7
How to add values to the fields? Hi, index="osh" sourcetype="Service" CaseNumber=1111 status=* assignment_group=* \| dedup _time,CaseNumber,assignmen... by ramesh12345 Explorer in Splunk Search 03-05-2019 0 3	0	3